ACTIVATION CENTER
CONTROL PLANE STATUS ACTIVE
Requests
all-time
Est. Saved Today
estimated
Alerts
all-time
Control Posture
AutoFix
Inspector
Output Cap
Routing
aggregate value proof · per-request proof lives in Request Detail
RECENT CONTROL FEED
  • Loading recent governance events…
OPERATIONAL SURFACES detailed control plane observability
REQUEST OPERATIONS LIVE
Loaded
Failed
Inspector Observed
Controlled
Trusted Traffic
LATEST EVENTS Loaded latest 25 events · time-range filter coming later
LIVE CONTROL FEED
  • Loading governance activity…
TimeUserModelDept TokensCostRiskMaskedCache
TimeUserModelRisk ScoreMasked FieldsAlert
ACTIVATE NIZAM CONTROL
Connect a provider, create a Nizam API key, route your first request, and verify in Live Control Feed.
  1. 01
    Connect provider
    Add an OpenAI-compatible provider credential. Provider keys stay server-side — never exposed to client applications.
    Required
  2. 02
    Create Nizam API key
    Client applications authenticate with Nizam API keys (prefix nzm_live_ or nzm_test_). Provider keys never leave the Edge service.
    Required
  3. 03
    Send first request
    Route traffic through Nizam Edge using Authorization: Bearer nzm_live_... — not your provider key. Use the demo traffic button to run test scenarios instantly.
    Required
  4. 04
    Verify in Live Control Feed
    Confirm request attribution, provider status, Inspector evidence, and routing decisions in the control feed.
    Required
  5. 05
    Configure controls
    Set workspace governance, output cap, token budget, Inspector, routing, or AutoFix controls.
    Recommended

Department Breakdown

Model Breakdown

Department Summary

DepartmentRequestsTokensCost (USD)
BUDGET OVERVIEW WORKSPACE
Lifetime Spend
Tokens Observed
Estimated Saved Today
Departments Tracked
Near / Over Budget
Workspace budget limits are policy-gated. When a request would exceed the monthly limit, the API gateway returns a 402 response. Budget exposure is recomputed from audit-backed evidence on every refresh.

Department Budget Policies

Configure per-department monthly spend caps. Caps apply to traffic attributed to the workspace's API keys.

Budget Activity — This Month

Audit-backed exposure for each department policy. Near budget ≥ 80% · Over budget ≥ 100%.

FUTURE SCOPE · Department-level budgets and organization-level spend controls are planned for company accounts. Current scope covers workspace-attributed traffic only.
EVIDENCE OVERVIEW AUDIT-BACKED
Loading evidence overview…
REVIEW QUEUE OPERATOR ACTIONS

Top opportunities by category. Items are observe-only signals until a policy is applied.

Loading review queue…
SAVINGS EVIDENCE AUDIT-BACKED
Loading savings evidence…
CONFIDENCE LAYER
  • Observed — Nizam detected an opportunity or exposure. No request was modified.
  • Estimated — Nizam estimated possible savings or exposure reduction. Estimates are not guaranteed.
  • Applied — A policy action actually changed or constrained request behavior under workspace policy.
  • Verified — Provider- or result-backed verification exists. Most categories cannot be verified today.
  • Observe-only findings are opportunities, not realized savings. Per-request proof lives in Request Detail under Economics and AutoFix Findings.
REVIEW QUEUE OVERVIEW OPERATOR FEEDBACK

Review Queue prepares operator feedback for future Inspector, AutoFix, routing, and savings verification workflows. Current feedback actions are not persisted yet.

Loading review queue…
REVIEW CATEGORIES OBSERVE · ESTIMATE · APPLY
Loading categories…
FEEDBACK ACTIONS COMING LATER
Loading…
FEEDBACK DATA MODEL FUTURE SCHEMA

Future feedback/evidence model fields. This is UI documentation only — these fields are not all currently stored in the database.

Loading…
FEEDBACK SAFETY RULES
Loading…
CLIENT AUTHENTICATION NIZAM API KEY

Use Nizam API keys in your applications. These keys authenticate requests to Nizam Edge before they reach any provider. Provider keys (OpenAI, Anthropic, Groq, DeepSeek) stay server-side and are never returned to the dashboard or to your client.

// Client request
fetch('<your-edge-url>/v1/chat/completions', {
  headers: { 'authorization': 'Bearer nzm_live_...' },
  body: JSON.stringify({ model: 'gpt-4o-mini', messages: [...] })
})
request attribution surfaces in Requests · Request Detail
WORKSPACE NIZAM API KEYS CUSTOMER GATEWAY
CLIENT KEY WORKSPACE-SCOPED ONE-TIME REVEAL MASKED AFTER CREATION
Use for AI request routing through Nizam Edge.
Issued keys
  • Loading…
LEGACY ATTRIBUTION KEYS DEPARTMENT KEYS

Workspace Nizam API keys above are the primary client authentication path. Legacy/department key records are kept for compatibility until the attribution model is consolidated.

Issue Department Key Record

Department Key Records

NameRoleDepartmentAPI KeyRate LimitStatusActions
KEY SAFETY RULES
  • Do not put provider keys in client code. Provider credentials (OpenAI, Anthropic, Groq, DeepSeek) belong on Providers, server-side only.
  • Use Nizam API keys in client applications. Authorization: Bearer nzm_live_...
  • Store provider credentials only on the Providers page. They are never returned to the dashboard or to your client.
  • Rotate keys immediately if exposed. The one-time reveal cannot be repeated.
  • Audit request attribution through Requests · Request Detail — every governed request records the workspace and API key id that authenticated it.

Add New User

All Users

NameEmailRoleDepartmentCreatedAction
Configuration
Prompt
Security Analysis
Run a prompt to see security analysis...
Usage & Cost
Model Routing
Response
Run a prompt to see the response...

Request Flow

💻
Your Application
Developer / App / Service
🛡️
Nizam Control Gateway
Auth · Rate Limit · Policy · Token Limit
🧠
Intelligence Layer
Budget Check · AutoFix · Inspector · Routing Triage
🔒
Governance & Safety Layer
PII Detection · Content Safety Signals · Audit Evidence
🤖
AI Providers
OpenAI · Gemini · Anthropic Claude
↑ Response + Audit Log
🔐
Identity & Access
API key auth with role-based model policies. Intern → basic models, Admin → all models.
💰
Budget Enforcement
Monthly per-department spend policies. Budget signals drive near/over-budget audit evidence and workspace notifications.
Routing Triage
Routing candidates observed for model triage. Downgrade enforcement requires routing policy configured in Governance.
🗄️
Context Waste Detection
Context and token waste detected across workspaces. Duplicate and stale context events surface in Savings Evidence.
🔒
Security Scanning
PII patterns detected and flagged for audit evidence. Detection is observe-only — content is not modified or blocked by default.

Integration — Route through Nizam Edge

// Before Nizam Control
fetch('https://api.openai.com/v1/chat/completions', { ... })

// After Nizam Control — governance, audit, AutoFix, economics included
fetch('<your-edge-url>/v1/chat/completions', {
  headers: { 'authorization': 'Bearer nzm_live_...' },
  body: JSON.stringify({ model: 'gpt-4o-mini', messages: [...] })
})
AUTOFIX CONTROL
AutoFix Status
Loading AutoFix configuration…
WORKSPACE POLICY PERSISTED
GOVERNANCE OVERVIEW Policy changes affect how Nizam evaluates, observes, or controls AI traffic before provider forwarding.
AutoFix Mode
Inspector State
Routing Enforcement
Output Cap
Token Budget
AUTOFIX CONTROLS AutoFix actions are policy-gated. Do not claim applied savings unless an action was applied.
AutoFix Default Mode
Observe by default. Enforcement is opt-in and policy-gated.
Force Observe-Only
Outranks everything. No enforcement, no mutation. Recommended during controlled rollout evaluation.
Conservative Mode
Conservative mode avoids aggressive mutation for risky requests.
Cheap-Tier Mode
Cheap-tier mode reduces output token exposure for low-risk requests.
ROUTING / MODEL CONTROL Routing enforcement only applies when policy enables it. Otherwise routing remains observe-only.
Routing Enforcement
When disabled, smart routing only observes. When enabled, opt-in headers may shape execution.
OUTPUT CONTROL Output cap can reduce output token exposure when policy is enabled. Observe-only until enforcement is explicitly enabled.
Max Output Tokens
Optional workspace output cap. When unset, Nizam can still detect missing request-level output caps, but it will not enforce a cap unless Output Cap Enforcement is enabled below. (16–8192)
Output Cap Enforcement
When enabled, trusted workspace API-key requests whose max_tokens exceeds the configured Max Output Tokens will be clamped before forwarding. Requires Max Output Tokens to be set. Disabled by default — must be explicitly opted in per workspace.
TOKEN BUDGET Soft monthly budget hint. Surfaces near/over budget signals in the economics ledger.
Token Budget Limit
Soft monthly budget hint per workspace. Drives near/over budget signals in audit evidence. (128–250000)
CONTENT SAFETY Detection signals only — Nizam flags sensitive patterns for audit; it does not provide a PII firewall in this version.
PII Detection
PII detection flags sensitive patterns before upstream execution. Detection is audit-backed evidence; it does not block traffic.
INSPECTOR CONTROLS Observe-only semantic review for high-risk, high-cost, or unclear AI requests. Inspector does not block, rewrite, or enforce in this phase.
Inspector Status
Live status reflects the saved Inspector configuration.
Inspector Mode
Off — Inspector will not evaluate requests.
Observe — Inspector evaluates and records evidence only. No action is applied.
Preview only — Inspector shows what would be flagged. No action is applied.
Inspector Online / Offline
Offline — Inspector signals are not evaluated.
Online — trusted workspace API-key requests may receive observe-only Inspector review when trigger conditions fire.
Input-side Inspector
Controls pre-provider request inspection. When disabled, Inspector remains off even if Inspector is Online.
Trigger Level
conservative — Only stronger risk/cost signals trigger Inspector.
balanced — Recommended default. Reviews meaningful risk/cost/quality signals.
aggressive — More eager review. Higher observability, more overhead.
Prompt Excerpt Permission
When disabled, Inspector receives structured metadata only. When enabled, Nizam may include a bounded, redacted excerpt of the last user message. The full prompt is never sent. Disabled by default.
Max Excerpt Characters
Ignored while Prompt Excerpt Permission is disabled.
Fail Open
Fail-open means Inspector errors/timeouts do not block AI traffic. Phase 35 route behavior remains fail-open. This policy field is reserved for later enforcement phases. Disabling this toggle has no effect on current request handling — no traffic is blocked or delayed by Inspector in this phase.
Inspector Timeout (ms)
Maximum milliseconds Inspector may take per request before fail-open kicks in. (100–5000)
CLIENT AUTHENTICATION · Workspace Nizam API keys (the primary client authentication path) live on the dedicated
PROVIDER CREDENTIALS BYOK

Provider credentials are stored server-side and used by Nizam when forwarding trusted requests. Your application uses a Nizam API key — never a provider key directly.

SERVER-SIDE SECRET PROVIDER CREDENTIAL BYOK NEVER RETURNED TO CLIENT
client app  →  Nizam Edge (Bearer nzm_live_…)  →  provider (server-side key)
ADD PROVIDER SERVER-SIDE ONLY

Paste the provider API key here only. Do not use this key in client applications — your client should authenticate with a Nizam API key instead.

CONNECTED PROVIDERS WORKSPACE

Only safe metadata is shown. Provider credentials remain server-side and are never returned to the dashboard.

No workspace provider configured. Trusted requests use workspace provider credentials when configured; otherwise provider_unreachable can be expected until provider credentials are added.
PROVIDER ROUTING CONTEXT

When a request is authenticated with a trusted Nizam API key, Nizam resolves the workspace provider configuration before forwarding. Until provider credentials are configured, provider_unreachable responses can be expected on the Edge; this is honest behavior and surfaces in Request Detail under Provider Failure.

Total Companies
Total Requests
Total Revenue Cost

Companies

Company Email Plan Keys Requests Cost Joined